chkrootkit source code

1. /* Copyright (C) Hal Pomeranz <hal@deer-run.com> and Deer Run Assoc, 2002/11/24
2. All rights reserved. Permission granted to freely redistribute and update
3. as long as this Copyright notice is preserved. No warranty expressed or
4. implied.
5. $Id: chkdirs.c,v 1.3 2003/01/20 19:44:13 hal Exp $
6. Usage: chkdirs [-n] dir ...
7. Examples: chkdirs /
8. chkdirs -n /proc
9. Recursively traverses one or more directories looking for discrepancies
10. between the parent directory link count and the number of subdirectories
11. (parent directory link count should always equal the number of subdirs
12. plus two-- anything else indicates a "hidden" directory). "-n" option
13. means check directory but don't recursively descend into subdirectories.
14. Changelog :
15. 2002/12/19 - Little port for *BSB and Solaris - Nelson Murilo
16. 2003/01/09 - More fix for Solaris - Nelson Murilo
17. 2003/01/14 - HP-UX patch - Gerard Breiner
18. 2003/01/20 - NAME_MAX Fix by Hal Pomeranz
19. 2003/09/01 - BSDI port by Nelson Murilo and Thomas Davidson
20. 2005/22/05 - APPLE test for limits.h included by Aaron Harwood
21. 2007/08/10 - strncpy used instead of strcpy - nm
22. 2007/12/24 - change `c' variable type - NIDE, Naoyuki
23. */
24.  
25. #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__sun) || defined (hpux) || defined (__bsdi__) || defined (bsdi) || defined (__APPLE__)
26. #include <limits.h>
27. #elif defined(__APPLE__) && defined(__MACH__)
28. #include <sys/syslimits.h>
29. #endif
30.  
31. #include <stdio.h>
32. #include <stdlib.h>
33. #include <sys/types.h>
34. #include <sys/stat.h>
35. #include <unistd.h>
36. #include <dirent.h>
37. #include <string.h>
38. #include <errno.h>
39.  
40. #ifndef NAME_MAX
41. #define NAME_MAX PATH_MAX
42. #endif
43.  
44. struct dirinfolist {
45. char dil_name[NAME_MAX+1];
46. int dil_lc;
47. struct dirinfolist *dil_next;
48. };
49.  
50.  
51. void usage ()
52. {
53. fprintf(stderr, "chkdirs [-n] dir ...\n");
54. exit(255);
55. }
56.  
57. char *make_pathname (char *path, char *dir, char **buffer)
58. {
59. int plen, pathname_len, bufsize, offs;
60.  
61. bufsize = 0;
62.  
63. plen = strlen(path);
64. pathname_len = plen + strlen(dir) + 2;
65.  
66. if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
67. if (buffer) free((void *)*buffer);
68. bufsize = (pathname_len > PATH_MAX) ? pathname_len : PATH_MAX;
69. if (!(*buffer = (char *)malloc(bufsize))) {
70. return((char *)NULL);
71. }
72. }
73.  
74. if (dir[0] == '/') { /* "dir" is absolute pathname, don't prepend "path" */
75. offs = 0;
76. }
77. else {
78. strncpy(*buffer, path, bufsize);
79. if ((*buffer)[plen-1] == '/') { /* "path" ends in "/", don't add extra */
80. offs = plen;
81. }
82. else {
83. (*buffer)[plen] = '/';
84. offs = plen + 1;
85. }
86. }
87. strncpy((*buffer)+offs, dir, bufsize - offs);
88. return((*buffer));
89. }
90.  
91. int check_dir (char *dir, char *path, int linkcount, int norecurse)
92. {
93. int diff = -1;
94. int plen, buflen, numdirs;
95. char *curpath, *fullpath;
96. DIR *dirhandle;
97. struct dirent *finfo;
98. struct dirinfolist *dl, *dptr;
99. struct stat statinfo;
100.  
101. /* When called recursively, "path" will be the full path of the cwd,
102. but when called from main() "path" is empty. We need the cwd path
103. so we can chdir() back at the end of this routine, as well as when
104. printing errors and other output.
105. */
106. if (!path || !(plen = strlen(path))) {
107. buflen = PATH_MAX;
108. retry:
109. if (!(curpath = (char *)malloc(buflen))) {
110. fprintf(stderr, "malloc() failed: %s\n", strerror(errno));
111. return(-1);
112. }
113. if (!getcwd(curpath, buflen)) {
114. if (errno == ERANGE) {
115. free((void *)curpath);
116. buflen = buflen * 2;
117. goto retry;
118. }
119. else {
120. fprintf(stderr, "getcwd() failed: %s\n", strerror(errno));
121. return(-1);
122. }
123. }
124. }
125. else { /* "path" is set, so just copy it into "curpath" */
126. if (!(curpath = (char *)malloc(plen+1))) {
127. fprintf(stderr, "malloc() failed: %s\n", strerror(errno));
128. return(-1);
129. }
130. strncpy(curpath, path, plen+1);
131. }
132.  
133. /* Now set "fullpath" to be the absolute path name of the directory
134. we will be checking (prepend "curpath" if "dir" is not already an
135. absolute pathname).
136. */
137. fullpath = (char *)NULL;
138. if (!make_pathname(curpath, dir, &fullpath)) {
139. fprintf(stderr, "make_pathname() failed: %s\n", strerror(errno));
140. free((void *)curpath);
141. return(-1);
142. }
143.  
144. if (chdir(dir)) {
145. fprintf(stderr, "chdir(%s): %s\n", fullpath, strerror(errno));
146. free((void *)curpath);
147. free((void *)fullpath);
148. return(-1);
149. }
150.  
151. /* Again, "linkcount" (the link count of the current directory) is set
152. only if check_dir() is called recursively. Otherwise, we need to
153. stat the directory ourselves.
154. */
155. if (!linkcount) {
156. if (lstat(".", &statinfo)) {
157. fprintf(stderr, "lstat(%s): %s\n", fullpath, strerror(errno));
158. goto abort;
159. }
160. linkcount = statinfo.st_nlink;
161. }
162.  
163. if (!(dirhandle = opendir("."))) {
164. fprintf(stderr, "opendir(%s): %s\n", fullpath, strerror(errno));
165. goto abort;
166. }
167.  
168. numdirs = 0;
169. dl = (struct dirinfolist *)NULL;
170. while ((finfo = readdir(dirhandle))) {
171. if (!strcmp(finfo->d_name, ".") || !strcmp(finfo->d_name, ".."))
172. continue;
173.  
174. if (lstat(finfo->d_name, &statinfo)) {
175. fprintf(stderr, "lstat(%s/%s): %s\n",
176. fullpath, finfo->d_name, strerror(errno));
177. closedir(dirhandle);
178. goto abort;
179. }
180.  
181. if (S_ISDIR(statinfo.st_mode)) {
182. numdirs++;
183.  
184. if (norecurse) continue; /* just count subdirs if "-n" */
185.  
186. /* Otherwise, keep a list of all directories found that have link
187. count > 2 (indicating directory contains subdirectories). We'll
188. call check_dir() on each of these subdirectories in a moment...
189. */
190. if (statinfo.st_nlink > 2) {
191. dptr = dl;
192. if (!(dl = (struct dirinfolist *)malloc(sizeof(struct dirinfolist)))) {
193. fprintf(stderr, "malloc() failed: %s\n", strerror(errno));
194. norecurse = 1;
195. while (dptr) {
196. dl = dptr->dil_next;
197. free((void *)dptr);
198. dptr = dl;
199. }
200. continue;
201. }
202.  
203. strncpy(dl->dil_name, finfo->d_name, sizeof(dl->dil_name));
204. dl->dil_lc = statinfo.st_nlink;
205. dl->dil_next = dptr;
206. }
207. }
208. }
209. closedir(dirhandle);
210.  
211. /* Parent directory link count had better equal #subdirs+2... */
212. diff = linkcount - numdirs - 2;
213. if (diff) printf("%d\t%s\n", diff, fullpath);
214.  
215. /* Now check all subdirectories in turn... */
216. while (dl) {
217. check_dir(dl->dil_name, fullpath, dl->dil_lc, norecurse);
218. dptr = dl->dil_next;
219. free((void *)dl);
220. dl = dptr;
221. }
222.  
223. abort:
224. if (chdir(curpath)) {
225. fprintf(stderr, "Final chdir(%s) failed (%s) -- EXIT!\n",
226. curpath, strerror(errno));
227. exit(255);
228. }
229. free((void *)fullpath);
230. free((void *)curpath);
231. return(diff);
232. }
233.  
234.  
235. int main (int argc, char **argv)
236. {
237. int norecurse = 0;
238. int i, retval;
239. int c;
240.  
241. opterr = 0;
242. while ((c = getopt(argc, argv, "n")) > 0) {
243. switch (c) {
244. case 'n':
245. norecurse = 1;
246. break;
247. default:
248. usage();
249. }
250. }
251. if (argc <= optind) usage();
252.  
253. for (i = optind; i < argc; i++) {
254. retval = check_dir(argv[i], (char *)NULL, 0, norecurse);
255. }
256. exit(retval);
257. }